SECURITY UPDATE |  |
| Release Date: | 2014-03-03 (Last update can be found below the document title) |
| Description: | False Zip File Size Attack |
| Criticality Level: | Less Critical ( Less Critical < Critical < Moderately Critical < Highly Critical ) |
| Impact: | Denial of Service |
| Systems Affected: | Canvas LMS |
| Solution Status: | Patched |
| Discovered By: | Mike Naberezny |
| Relevant Changesets: | https://github.com/instructure/canvas-lms/commit/a3cf4748cc4be17c27030728fdd00f79419a2238 |
Summary:
A malicious user could upload a specially formed zip file in order to bypass Canvas' quota checking and extract much larger files than are meant to be allowed. This attack could potentially be used as a Denial of Service attack vector on job workers, and increase Canvas hosting costs.
Status:
Fixed in Canvas Cloud. Users of Canvas CV are encouraged to either update to the most recent stable code or apply the patch manually.
